Sex, Cars and Luxury Watches sell cheaper on Labor Day. Spammers help people celebrate Labor Day in style. All they ask in return? To join their e-mail address databases for future spam.
Bargain hunting is the approach spammers employ for this year’s Labor Day celebration in the US, as they hope to refresh their e-mail address databases. Spammers and scammers are pushing holiday shoppers with dazzling offers for cars, sexual enhancement drugs, luxury watches and hairstyling sessions.
The apex of this seasonal spam wave was recorded on the 1st of September when approximately 8% of a sample pool of 2 million random spam e-mails sent worldwide were linked to the popular Labor Day holiday.
The offers include new and used cars for a large variety of brands, including BMW, Ford, Chevy, Acura, or Mustang. Sales hunters might find it tough to stay away from discounts of up to 70%.
Some e-mails ask recipients to enter their zip code to join the Labor Day sale program and fill in a registration form with sensitive authentication and card related data.
A second spam campaign that also uses car discounts as bait has links in the message body that lead to a subscription page where users are given the opt-out possibility. But giving away the e-mail address to allegedly have it deleted from the e-mail catalogue is risky. This can also be a trick scammers use to verify which of the addresses are active and gather new ones. All that lands in your inbox as unsolicited e-mail must be handled with extreme caution.
Fig.2 “Labor Day End of Summer Sales Event” spam e-mail
A massive similar spam wave promoting dumping prices for all Fords, old and new, first reached users’ inboxes in mid-October 2012, just as people started looking for Black Friday discounts. Then the links in the e-mails were transferring users to a site hosting an online game.
Fig.3 Dumping prices for Jetta S and Passat Wolfsburg promoted in spam e-mails
Bitdefender has identified to date a dozen seasonal lures that might actually persuade users to click links leading them to pages hosting download survey forms, unsubscribe forms or fill-in purchase forms. Chances are slight that these cars will ever be found in stock or be sold, but the form-filling process will give plenty of sensitive personal data to con artists.
Apart from hugely discounted cars, this year’s Labor Day offerings include price cuts for hairstyle sessions, nights of passion with model you get the chance to choose from a catalogue, auto parts, luxury watches, and Viagra.
Most of the advertised products are hosted on servers in Russia. The domains are registered for one year and the registrant’s information is obscured with privacy protection mechanisms.
This article is based on the spam samples provided courtesy of Adrian MIRON, Bitdefender Senior Antispam Researcher.
All product and company names mentioned herein are for identification purposes only and are the property of, and may be trademarks of, their respective owners.
tags
A blend of product manager and journalist with a pinch of e-threat analysis, Loredana writes mostly about malware and spam. She believes that most errors happen between the keyboard and the chair.
View all postsNovember 14, 2024
September 06, 2024